Posted on Techdirt - 5 October 2017 @ 1:43pm
Back in February, we wrote about a disturbing court decision that said that standards that are "incorporated by reference" into law, could still be copyright infringing if posted to the internet. In that earlier post I go into much more background, but the short version is this: lots of laws point to standards put together by private standards bodies, and say, effectively, "to be legal, you must meet this standard." For example, fire codes may be required to meet certain standards put together by a private standards body. Carl Malamud has spent years trying to make the law more accessible, and he started posting such standards that are "incorporated by reference" into the law publicly. His reasoning: once the government incorporates the standard into the law, the standard must be publicly available. Otherwise, you have a ridiculous situation in which you can't even know what the law is that governs you unless you pay (often a lot) to access it.
Standards bodies weren't happy about this -- as some of them make a large chunk of money from selling access to the standards. But from a straight up "the law should be public" standpoint, the answer should be "too bad." Unfortunately, the district court didn't see it that way, and basically said it's okay to have parts of our laws blocked by copyright. We thought that ruling had some serious problems, and Malamud and his organization Public.Resource.Org appealed. A bunch of amicus briefs have been filed in the case -- which you can see at EFF's case page on the lawsuit. There's a good one from some law professors about how the lower court got it wrong, as well as a ton of library associations (and also other law professors and former gov't officials). Public Citizen also filed a good brief on the importance of having access to the law. It's worth reading them all.
However, I wanted to focus on a different amicus brief, filed by two sitting members of Congress, Reps. Zoe Lofgren and Darrell Issa. The brief was put together by Harvard's Cyberlaw Clinic, with help from lawyer Cathy Gellis (who has represented us from time to time, as well as written some posts for Techdirt). It's certainly not unheard of to have members of Congress file amicus briefs in cases, but it's not particularly common either. The fact that two members of Congress are worried about the due process implications of a court ruling should, hopefully, capture the court's attention.
For the law to govern and protect the people, the people must know what the law is. By offering an electronic platform for the publication of legal codes and standards, Public Resource helps the public by providing access to laws that might otherwise be functionally inaccessible. Without this access, the consequences are significant. First, those who inadvertently violate inaccessible regulations may be blindsided by civil and criminal penalties for violations they did not know to avoid. Second, those whose health and welfare depends on others’ compliance with these regulations may suffer damage to their life, liberty, and property, as a result of both others’ ignorance of the law and their own inability to access the law in order to pursue enforcement. This Court should not endorse a copyright regime that allows private SDOs to limit access to the legal rules that govern and protect the public.
Also:
As members of Congress, our job is to draft and enact laws that govern the United States. But mere passage of legislation is not enough; due process requires more. The Fifth and Fourteenth Amendments dictate that no person is to be “deprived of life, liberty, or property, without due process of law.” U.S. Const. amend. V; U.S. Const. amend. XIV. There can be no due process when people cannot remain informed of the laws by which they are bound. And they cannot remain informed when the law itself is not sufficiently communicated to the people it governs.
Lots of people could make those points -- but having it come from the people who actually make the laws seems to make the point that much more relevant. Hopefully the court agrees.
Read More | 20 Comments | Leave a Comment..
Posted on Techdirt - 4 October 2017 @ 3:21pm
The European Court of Justice is going to look into the acceptability of US internet company's privacy practices under the so-called "Privacy Shield" framework that was put in place last year. As you may recall, for years, the EU and the US had a "safe harbor" agreement, under which tech companies underwent a fairly silly and almost entirely pointless process (I know, because we did it ourselves...) by which the companies effectively promised to live up to the EU's data protection rules, in order to move data from servers in the EU across the Atlantic to the US. It is important that companies be allowed to do this, because without it, the internet doesn't function all that well. But, because of NSA snooping, it became clear that what companies were promising couldn't match what was actually happening. And thus, the EU Court of Justice tossed out the framework, saying that it violated EU data protection rules.
After a bit of a scramble, the EU and the US came to an agreement on another framework, called the "Privacy Shield" that both argued was acceptable. It required US companies to do better in handling Europeans' data, to make sure EU residents had redress over data protection and included some transparency requirements regarding US government access to the data. However, as we noted at the time, unless the US was drastically changing how the NSA did surveillance, it seemed nearly impossible for the Privacy Shield to be valid under EU law. And, indeed, Max Schrems, the guy whose lawsuit brought down the original "safe harbor" quickly challenged the Privacy Shield in an Irish court. Over the past few months, we've pointed out that some of Trump's statements on surveillance made it clear that the Privacy Shield was not likely to survive.
Earlier this week, the Irish court asked the European Court of Justice to review. The ruling is long (over 150 pages) and pretty detailed. The court clearly recognizes how important this issue is:
The case raises issues of very major, indeed fundamental, concern to millions of people within the European Union and beyond. Firstly, it is relevant to the data protection rights of millions of residents of the European Union. Secondly, it has implications for billions of euros worth of trade between the EU and the US and, potentially, the EU and other non-EU countries. It also has potentially extremely significant implications for the safety and security of residents within the European Union. There is considerable interest in the outcome of these proceedings by any parties having a very real interest in the issues at stake.
The court hasn't yet officially asked the CJEU to weigh in, but rather has said that it will -- but first it wants the parties involved in the case to more or less argue about what exactly should be the questions submitted to the CJEU.
Most of the ruling itself is basically around whether or not there's anything to discuss here at all. Facebook -- the service whose privacy practices are at issue in this particular case -- tried to argue that because surveillance issues are "national security" and there's a carve out for national security, there's no issue with the Privacy Shield But the court doesn't buy that. First, it says that the issue under scrutiny is about the relationship between the EU and its member states (and how the data protection rules work) rather than a question about "national security" in the US. Similarly, it points to the original Schrems ruling that got the old safe harbor tossed out and notes that no one had a problem with saying the law applied in that case:
The submission is inconsistent with the ruling of the High Court in Schrems v. The Data Protection Commissioner [2014] 3 I.R. 75 and the CJEU in Schrems where the court proceeded on the basis that it had jurisdiction to rule on the reference. If Facebook’s submission in this case is correct, it did not have jurisdiction so to proceed. Eight Member States, the European Parliament, the European Commission and the European Data Protection Supervisor intervened in those proceedings. If Facebook’s point was well made, it is remarkable that none of these participants raised this fundamental matter of jurisdiction.
So, there's still time before the CJEU will sort this out, but we stand by our initial statement. Unless the US changes its NSA surveillance practices, it's difficult to see how the Privacy Shield comes to an end any different than the old privacy safe harbors. If the US doesn't want to have the Privacy Shield rejected again, it might want to start by reforming surveillance -- and it can do that right away in refusing to renew Section 702 of the FISA Amendments Act without significant reform and modifications.
Read More | 6 Comments | Leave a Comment..
Posted on Techdirt - 4 October 2017 @ 11:55am
We've discussed in the past the completely ridiculous attacks on Sci-Hub, a site that should be celebrated as an incredible repository of all the world's academic knowledge. It's an incredible and astounding achievement... and, instead of celebrating it, we have big publishers attacking it. Because copyright. And even though the purpose of copyright was supposedly to advance "learning" and Sci-Hub serves that purpose amazingly well, so many people have bought into the myth of copyrights must "exclude" usage, that we're in a time where one of the most amazing libraries in the world is being attacked. Sci-Hub lost its big case earlier this year, and almost immediately others piled on. Specifically, back in June, the American Chemical Society (ACS) jumped in with a similar "us too!" lawsuit, knowing full well that Sci-Hub would likely ignore it.
ACS has moved for a default judgment against Sci-Hub (what you tend to get when the defendant ignores the lawsuit), which it would likely get. However, in an extremely troubling move, the magistrate judge reviewing the case for the Article III judge who will make the final ruling has recommended forcing ISPs and search engines to block access to Sci-Hub. After recommending the standard (and expected) injunction against Sci-Hub, the recommendation then says:
In addition, the undersigned recommends that it be ordered that
any person or entity in privity with Sci-Hub and with notice of the injunction, including any
Internet search engines, web hosting and Internet service providers, domain name registrars, and
domain name registries, cease facilitating access to any or all domain names and websites
through which Sci-Hub engages in unlawful access to, use, reproduction, and distribution of
ACS's trademarks or copyrighted works. Finally, the undersigned recommends that it be
ordered that the domain name registries and/or registrars for Sci-Hub's domain names and
websites, or their technical administrators, shall place the domain names on
registryHold/serverHold or such other status to render the names/sites non-resolving.
So, this is kind of incredible. Because, as you might remember, there was a big fight a little over five years ago about a pair of bills in Congress called SOPA and PIPA that proposed allowing for such an order being issued to third parties like search engines, ISPs, domain registrars and the like, demanding they block all access to certain websites. And, following quite a public outcry (which also explained why this approach would do serious harm to certain security standards and other technical aspects of how the internet works), Congress backed down and decided it did not want to enable courts to issue such orders.
So why the hell is Magistrate Judge John F. Anderson recommending such an order?
At the very least, it seems problematic. Even if you ignore the Sci-Hub part of the equation (since it ignored the lawsuit, a default judgment was basically inevitable), you should be concerned about this. Here's a court order binding a very large number of non-parties to the lawsuit to completely block access to a variety of websites, without any sort of due process. One hopes that ISPs, domain registrars and search engines will push back on such an overbroad order -- one that even Congress realized was a step too far and never authorized.
Read More | 21 Comments | Leave a Comment..
Posted on Techdirt - 3 October 2017 @ 9:20am
Even though Oracle is based in the heart of Silicon Valley (I can see its offices from my own office window as I type this), the company has become sort of anti-Silicon Valley. It tends to represent the opposite of nearly everything that is accepted wisdom around here. And its latest crusade is against open source technology being used by the federal government -- and against the government hiring people out of Silicon Valley to help create more modern systems. Instead, Oracle would apparently prefer the government just give it lots of money.
First, some background: over the past few years, one of the most positive things involving the federal government and technology has been the success of two similar (but also very different) organizations in the US government: US Digital Service (USDS) and 18F. If you're completely unfamiliar with them there are plenty of articles describing both projects, but this one is a good overview. But the really short version is that both projects were an attempt to convince internet savvy engineers to help out in the federal government, and to bring a better understanding of modern technology into government. And it's been a huge success in a variety of ways -- such as creating federal government websites that are modern, secure and actually work. And even though both programs are associated with President Obama, the Trump administration has been adamant that it supports both organizations as well, and they're important to continuing to modernize the federal government. The offices are not politicized, and they have been some of the best proof we've got that government done right involves smart, dedicated technologists.
Of course, not everyone is thrilled with these organizations. Old school federal contractors, for one, have been grumbling loudly about 18F daring to do things like making government procurement open to small businesses. After all, these contractors have spent decades charging the government billions for crappy products, in part, because they know how to work the system. Bringing in actual engineers who realize that it's crazy to spend so much money on crappy solutions -- especially when there are much better solutions that are often open, seems to really piss off some folks who grew fat and happy overcharging the government. And they've found some front groups who argue that these programs are a waste of government money, which would be better spent giving billions to private contractors.
Either way, the Trump Administration, following a Trump executive order, requested feedback on how best to modernize government IT. The request for comments and all the submitted comments are on Github (which is nice to see). Many are quite interesting, but the one that really caught my eye, was Oracle's submission, which I can only describe as... curmudgeonly.
A little more background: if it weren't for Oracle's failures, there might not even be a USDS. USDS really grew out of the emergency hiring of some top notch internet engineers in response to the Healthcare.gov rollout debacle. And if you don't recall, a big part of that debacle was blamed on Oracle's technology. So, perhaps it's not surprising that Oracle might hold a bit of a grudge against USDS. Similarly, while Oracle likes to claim that it's supportive of open source technologies, most recognize that open source has been eating Oracle's lunch for a while now.
Even with all that background, the sheer contempt found in Oracle's submission on IT modernization is pretty stunning. The letter complains about three "false narratives" that "have taken the [US government] off track":
False Narrative: Government should attempt to emulate the fast-paced innovation of
Silicon Valley. Silicon Valley is comprised of IT vendors most of which fail. The USG
is not a technology vendor nor is it a start-up. Under no circumstance should the
USG attempt to become a technology vendor. The USG can never develop, support
or secure products economically or at scale. Government developed products are
not subject to the extensive testing in the commercial market. Instead, the
Government should attempt to emulate the best-practices of large private-sector
Fortune 50 customers, which have competed, evaluated, procured and secured
commercial technology successfully.
Now, this is kind of funny if you follow anything having to do with government and IT projects over the past few decades, as compared to what's happened on projects where USDS and 18F have been involved. For example, remember the big new $600 million (only $220 million over budget) computer system the FBI paid for that was useless for catching terrorists and had to be completely written off? This was the system, built by giant government contractor SAIC, that a computer science professor who was asked to review the system said he was planning to go on a crime spree the day the system launched, knowing the FBI wouldn't be functional. The same system that was so bad that a contractor who was trying to do something so simple as add a printer to the network had to hack the system, accessing the usernames and passwords of 38,000 FBI employees (including then director Robert Mueller) just to do his job.
Is that really the kind of world we want to go back to? And that's just one example, but there are many others like this. Yet, whenever you look at the systems that USDS and 18F are working on, they seem to actually work. They also seem secure. So, sure, it's easy to attack having the government put together these systems, but real world experience seems to show that these groups, staffed with experienced internet engineers does things a lot better.
False Narrative: In-house government IT development know-how is critical for IT
modernization. In-house government procurement and program management
expertise is central to successful modernization efforts. Significant IT development
expertise is not. Substantial custom software development efforts were the norm at
large commercial enterprises, until it became obvious that the cost and complexity of
developing technology was prohibitive, with the end-products inherently insecure
and too costly to maintain long-term. The most important skill set of CIO’s today is to
critically compete and evaluate commercial alternatives to capture the benefits of
innovation conducted at scale, and then to manage the implementation of those
technologies efficiently. Then, as evidenced by both OPM and Equifax, there needs
to be a singular focus on updating, patching, and securing these systems over time.
There's at least some truth to the idea that developing things from scratch is not ideal in many cases, but claiming that those making decisions on federal IT shouldn't have development knowledge is ludicrous. When you don't have that kind of knowledge, that's when you get the big federal contractors coming in and selling you $600 million FBI computer systems that are useless at catching terrorists. I'd be curious if any software developers out there actually think they get better requirements docs from those with dev experience, or those without? Because over and over and over again, I've seen that when the management side actually understands software development, then the process tends to go much more smoothly, because people are much more realistic. Having non-technically inclined managers making these decisions tends to go poorly. Remember the massive computer system that the Copyright Office wasted millions on? That involved a failure of the Copyright Office to set requirements with the outside vendor who never could actually build a working system.
False Narrative: The mandate to use open source technology is required because
technology developed at taxpayer expense must be available to the taxpayer. Here
there is an inexplicable conflation between “open data,” which has a long legacy in
the USG and stems from decades old principles that the USG should not hold
copyrights, and “open source” technology preferences, which have been long
debated and rejected. There is no such principle that technology developed or
procured by the USG should be available free for all citizens, in fact that would
present a significant dis-incentive to conducting business with the USG.
This is the most ridiculous of all. Copyright law is pretty clear on this: works of the US government shouldn't be subject to copyright -- and many in the government have embraced variations on open source to live up to that requirement. The idea that open source somehow creates disincentive to working with the US government is hilarious. Maybe for a company like Oracle, but tons of others are happy to work with the US government and lots of open source technologies have made government IT faster, cheaper and more secure.
But Oracle really wants to dig in on this point, with some complete bullshit about how open source is somehow less secure... because the Equifax hack came via a vulnerability in open source:
Developing custom software and then releasing that code under an open source
license puts the government at unnecessary security risk as that code is not
“maintained by a community,” but is rather assessed and exploited by adversaries.
Further, this practice puts the government – most likely in violation of the law – in
direct competition with U.S. technology companies, who are now forced to compete
against the unlimited resources of the U.S. taxpayer. The Equifax breach stemmed
from an exploit in the open source Apache Struts framework.
The Equifax breach stemmed from Equifax failing to patch a widely discussed bug that competent administrators should have patched. The bug was found and patched because it was open source.
Speaking of "false narratives," Oracle also claims that open source technology is being used less and less in the corporate world:
Open source software has many appropriate uses and should be competed against
proprietary software for the best fit and functionality for any given workload, but the
fact is that the use of open source software has been declining rapidly in the private
sector. There is no math that can justify open source from a cost perspective as the
cost of support plus the opportunity cost of forgoing features, functions, automation
and security overwhelm any presumed cost savings. The actions of 18F and USDS
plainly promote open source solutions and then propagate those mandates across
government with the implicit endorsement of the White House. The USG’s
enthusiasm for open source software is wholly inconsistent with the use of OSS in
the private sector.
If you actually follow the open source software market, Oracle's claim here is laughable. Open source is now commonplace in the enterprise and that's only increasing, not decreasing.
Also, somewhat hilariously, Oracle tries to argue that letting USDS and 18F develop things means that there will be extra costs, compared to letting private companies develop stuff:
The largest contributor to cost and complexity is customization, yet actions of the
USG and the Report seem to embrace both government developed bespoke
technology and customization. Custom code needs to be maintained, patched,
upgraded and secured over the long-term. The cost of technology comes almost
entirely from labor, not from component parts, whether software, hardware, or
networking. The goal should be to seek leverage and scale by engineering out labor
costs, including process engineering. Government developed technology solutions
must be maintained by the government. Every line of code written by 18F, USDS or
another government agency creates a support tail that results in long term
unbudgeted costs.
But, again, looking at historical IT implementations pre-USDS and 18F and you see example after example of it being the outsourced, private, large government contractor companies whose work results in massive unplanned maintenance costs.
Seriously, this entire filing by Oracle is one giant false narrative of people living in denial about how the world works these days.
There's even more nuttiness in the filing, but you can go through it yourself and count how frequently you gasp at just how wrong it is. This is an old, legacy company trying to cling desperately to old, obsolete, legacy ways. Oracle's entire business was originally created to serve the US government as a customer, and it clearly doesn't want to give that up. But, once again, things like this just make it clear why the top engineers coming out of school today don't have much interest in going to work for a company with views like Oracle's.
37 Comments | Leave a Comment..
Posted on Techdirt - 3 October 2017 @ 3:21am
While the "main event" in the never-ending case of the US Justice Department against Kim Dotcom continues to grind its way ever so slowly through the wheels of justice, one element has basically concluded. And this was the part that should concern you even if you think that Kim Dotcom was completely guilty of criminal copyright infringement. The issue here is that as part of the arrest of Dotcom and his colleagues, the US "seized" many of his assets. Now, when the government seizes assets, it's a temporary thing. They have a certain period of time to hold onto it. Afterwards, they either need to give those assets back or file a separate case to attempt to "forfeit" those items (i.e., keep them forever). Here's where things get a little bizarre. Because Dotcom was fighting extradition in New Zealand, the "deadline" for the US to continue holding the seized assets was approaching -- so they filed the separate case against his stuff. Because it's a civil asset forfeiture case, the case is literally against his stuff, and not against Kim Dotcom (and, yes, this is as weird and nonsensical as it sounds). But there was a twist: because Dotcom was still in New Zealand, the Justice Department said that he was a "fugitive" and thus couldn't even protest the forfeiture of his stuff. Unfortunately, both the district court and the appeals court agreed.
Again, let's be totally clear here -- because sometimes people get so focused on their belief that because Megaupload enabled copyright infringement that this is somehow okay. But here we have a situation where before anyone has been found guilty of anything, the US government was given permission to take and keep all of Kim Dotcom's stuff. This should concern you even if you think Dotcom deserves to rot in prison, because there's a clear absence of due process here. If Dotcom is eventually found to be not guilty -- that won't have any impact on this. The US government still gets to keep his stuff (or, well, whatever it can get its hands on).
So the issue here is not whether or not Kim Dotcom is guilty of copyright infringement. It's whether or not the US government can just take his stuff before that other process has played out. That's a problem.
And, unfortunately, it's a problem that the Supreme Court will not be reviewing at this time. Even as some of the Justices have expressed concerns about civil asset forfeiture, apparently they didn't want to take on this particular case. And, maybe that's okay, because maybe, as with many people, they wouldn't have been able to separate out the copyright question from the civil asset forfeiture question from the fugitive disentitlement question -- all of which are separate but important.
51 Comments | Leave a Comment..
Posted on Techdirt - 2 October 2017 @ 10:43am
There are obviously a lot of mixed motivations behind the push for SESTA -- the Stop Enabling Sex Trafficking Act -- with many of those motivations based on good intentions of actually stopping sex trafficking. Of course, we've explained in great detail how SESTA isn't likely to help at all, and is quite likely to make the problem worse. It also seems clear that many of those lining up in support of the bill see it as a wedge -- a way to slowly dismantle intermediary liability protections for platforms on the internet. And thus, some just see it as a way to attack Google and Facebook out of a general dislike for those companies -- without realizing (or without caring) just how much damage it will do to free speech online and the platforms that enable such speech. We've also been perplexed by SESTA supporters using completely bogus stats to insist the problem of sex trafficking is much larger than it truly is. As we noted, sex trafficking is both very real and an absolute tragedy for those caught up in it and their families. But we should be realistic about the actual scope of the problem -- and many SESTA supporters aren't actually able to do that.
But perhaps the motivation behind some SESTA supporters is... even more absurd. An email popped up in my inbox recently with a bunch of really strong language supporting SESTA, coming from a group calling itself the National Center on Sexual Exploitation (NCSE). They run the website "End Sexual Exploitation" and are strong supporters of SESTA. But what caught my eye is that the end of the email noted the true mission of NCSE isn't to end sex trafficking... but to rid the world of the "public health crisis of pornography."
You see, NCSE began its life in 1962 as Morality in Media, and was a reaction to a ridiculous moral panic over "pornographic material" being left outside of a school. NCSE appears to believe that all porn is pure evil and must be eradicated. The group has insisted that porn is a "public health crisis" and has worked to get states to declare it as such. It also posts a Dirty Dozen list of organizations that it needs to shame for "perpetuating sexual exploitation."
Want to know how totally fucked up the list is? They include the American Library Association and Amnesty International on this year's list. Really. They completely misrepresent the ALA's opposition to mandatory internet filters to claim that libraries have been turned into "a XXX space that fosters child sexual abuse." It put Amnesty on the list because Amnesty dares to call sex workers "sex workers" rather than prostitutes. They also list the Justice Department as an honorable mention for failing to enforce obscenity laws, which NCOSE wants to use to basically criminalize pornography. In other words, NCSE supports pretty blatant censorship.
Now people can certainly differ on their beliefs about prostitution and pornography, but having groups like this at the forefront of destructive, counterproductive bills like SESTA -- which will do nothing to stop actual sex trafficking, and plenty to harm free speech online -- raises some serious questions about what really are the goals of SESTA. NCSE certainly seems to think it's part of the plan to wipe out all pornography. Considering that other SESTA supporters insist (incorrectly) that SESTA won't have any impact on speech online, they might want to consider why one of their major coalition partners seems to be eagerly looking for ways to censor the internet.
79 Comments | Leave a Comment..
Posted on Techdirt - 2 October 2017 @ 6:32am
As you may be aware, the US, Canada and Mexico are "renegotiating NAFTA" for reasons that don't entirely make sense, but we'll leave that aside. Either way, opening up that process has created an opportunity for Hollywood to attack the internet, and they've rushed right in. And, despite promises to the contrary, it appears that Hollywood may have succeeded in getting the Trump administration's US Trade Representative to back its dangerous plans.
To fully explain this requires a bit of a history lesson. A few decades back, Hollywood realized that what it couldn't get Congress to pass, it could force upon the US through "international trade agreements." Much of the history of what happened is detailed in the excellent 2002 book, Information Feudalism by Peter Drahos and John Braithwaite. The very short version is this: international trade agreements have mostly been negotiated without much fanfare or attention, often in secret, with handshake deals in backrooms. And since "trade agreements" are about industry and commerce, trade negotiators often spend most of their time listening to industry representatives to figure out what they want, rather than looking at what's best for everyone as a whole.
The legacy entertainment middlemen (very cleverly!) realized this long before many others did, and realized that if they could make copyright a "trade" issue, they could continually ratchet up the protectionist parts of copyright law. The plan involves a few clever components. First, find a few countries where they can convince local legislatures to pass ever more draconian copyright laws. Second, put pressure on trade negotiators to put similar provisions into trade agreements. Third, whine about countries (including the US) "failing to live up to the obligations of our international trade agreements" and forcing everyone to ratchet up their copyright laws to "comply." Wash, rinse, repeat.
This is actually how the DMCA itself became law in the US (which is ironic as you'll see in a moment). Hollywood tried to pass a DMCA-like law in the US in the mid-1990s and it failed. So, as the main architect of this plan publicly admitted a few years ago, they did "an end-run around Congress," ran to Geneva, and got a new trade agreement -- the WIPO Copyright Treaty -- passed. And then they scurried right back to Congress, and said to meet the obligations of the WIPO Copyright Treaty, we needed the DMCA.
Since then, Hollywood has pushed for draconian copyright requirements in basically every trade agreement, and the USTR was only too happy to oblige. Ridiculously, the USTR, while pushing ever more draconian copyright law around the globe through trade agreements, has flatly refused to also include fair use or equivalent "safety valves" to keep the law from being abused. Of course, as we've discussed for years, these "safety valves" -- generally called "limitations and exceptions" -- are actually fundamental user rights. In short: the USTR has pushed for rights for big corporations, while refusing to include the necessary rights for the public. That's a dangerous combination.
That brings us to the ongoing NAFTA renegotiation. Hollywood has been whining about the DMCA's safe harbors quite a bit in the past few years (yes, the same safe harbors that are from the DMCA that it forced the US to pass via international trade agreements). So far, however, heavy lobbying by the RIAA and MPAA to do away with the DMCA's safe harbors has failed to convince Congress (in part because Congress has seen through this game and, in part, because Congress still remembers what happened with its attempt to undermine the internet through copyright law with SOPA).
But, hey, with the reopening of NAFTA, Hollywood saw an opportunity, and has pushed for language that will undermine the DMCA's safe harbors and fair use -- things they can't get through Congress alone. Unfortunately, the latest reports are that the USTR has agreed to support this move and, even though it's been shown that more balanced copyright promotes trade, the US is now officially putting more draconian copyright on the agenda -- a move that risks undermining the entire internet, not to mention a major backlash from internet users as well.
Needless to say, this is bad. Some in Congress are speaking up on this, but it's falling along the traditional lines. Senator Ron Wyden has made it clear that he's "deeply concerned" that the Trump administration is willing "to undermine the internet as a platform for speech, innovation and US jobs" with the NAFTA renegotiation. On the flip side, you have Orrin Hatch -- a Senator so closely associated with giving the legacy entertainment industry everything it's ever wanted, that he's given the nickname "Senator Fido" (as in "lapdog") in Rob Reid's comic novel about the music industry. Hatch has spoken up in support of Hollywood, saying that while it's fine to reopen the DMCA's safe harbors, there should be no mention of fair use or any other user rights in these negotiations.
At this point, it appears that Canada is left pushing back on the US's crazy Hollywood-inspired demands. Of course, Canada's suggestions aren't all wonderful either, but at least it's pushing for a more balanced approach -- one that actually recognizes the rights of the public and the importance of protecting free speech, while the USTR (pushed by Hollywood) seems to have decided to throw that right out the window.
Obviously, there are so many other things going on these days, that it's easy to miss the background of "NAFTA 2.0" negotiations. But at this point, it appears that Trump's USTR -- at the urging of Hollywood -- is trying to use these negotiations to do real damage to free speech and innovation online. Taking away the DMCA's safe harbors and refusing to include important protections like fair use in any copyright language should be seen as a non-starter. As we've argued for years, copyright is best left out of trade agreements altogether, but if it does need to be in there, giving Hollywood it's wishlist plan to destroy the internet shouldn't be the USTR's top priority.
44 Comments | Leave a Comment..
Posted on Techdirt - 29 September 2017 @ 1:39pm
You may have heard the story earlier this week that the video game company Atlus had issued a DMCA takedown over a Patreon page for the creators of RPCS3 -- an open source PlayStation 3 emulator, because people could use that emulator to play the Atlus game Persona 5. An awful lot of people immediately said that this was a crazy DMCA takedown, and it's clear that a Patreon page is not violating the copyright of Persona 5 itself. And it is messed up, but perhaps not for the reasons most people are thinking. A DMCA takedown here may actually be legitimate under the law. Rather than a bogus takedown, this may be yet another example of just how fucked up the DMCA is.
The big clue: Atlus itself put up a weird blog post defending the action that is mostly nonsensical, stating lots of things that have nothing to do with copyright law, but see if you catch the one thing that is actually covered by copyright (okay, okay, I've put it in bold for you):
You might have heard earlier today that we issued a DMCA takedown notice involving emulation developer group RPCS3 and their Patreon page. Yes, it’s true. We settled upon this action for two reasons:
- We believe that our fans best experience our titles (like Persona 5) on the actual platforms for which they are developed. We don’t want their first experiences to be framerate drops, or crashes, or other issues that can crop up in emulation that we have not personally overseen. We understand that many Persona fans would love to see a PC version. And while we don’t have anything to announce today, we are listening! For now, the best way to experience Persona 5 is on PlayStation 4 and PlayStation 3.
- We appreciate the awareness generated by the emulation community for Persona 5 and know that it is a fantastic example of how much people are loving our game. We want to keep bringing you titles like Persona 5. Unfortunately, when our content is illegally circumvented and potentially made available for free, in a format we do not think delivers the experience and quality we intend, it undermines our ability to do so by diverting potential support from new audiences.
We want to continue having a dialogue about where and how you would like to play our games. Please let us know what you think.
So here's what I think is going on. It's similar to another story we wrote about a few weeks back, concerning how an anti-adblock company was able to use the DMCA to delete a URL from an adblock list. The key is that this is not what most people think of as a DMCA takedown. Most DMCA takedowns are filed under DMCA 512, which has as whole section on how the "notice and takedown" process works. This is what is used to tell a third party site that a user has uploaded some infringing material. But that's clearly not the case with the Patreon account for RPCS3.
And that's where the other part of the DMCA comes into play, the digital locks anti-circumvention part, known as DMCA 1201. This is the part of copyright law that (bizarrely) makes it a violation of copyright if you "manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof that is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title." In short, violating 1201 means doing something to circumvent DRM. Now, we've spent many blog posts explaining why this is dumb, and how there are tons of legitimate, non-infringing reasons to get around DRM, but 1201 more or less ignores most of that.
Of course, there is no notice-and-takedown process for 1201 violations. But, increasingly, we've seen companies assuming that if they see what they believe is a 1201 violation, they can file a 512-like notice, and platforms feel obligated to treat it similar to a 512 notice -- which means removing the offending material to avoid the possibility of liability. It's not at all clear if this is what the law requires.
It's also not at all clear if the Patreon page at issue here violates 1201. Going on the text of Atlus' blog post, it would certainly apear that they're trying to claim that the Patreon page is a form of "offering to the public" a "technology" that is porduced for "circumventing" the DRM on Persona 5. I think this is a huge stretch to read DMCA 1201 this way -- since it requires the product to be primarily designed for such a purpose, to have "limited commercially significant purpose or use other than" circumvention, or is marketed in a way that advertises the circumvention capabilities. Perhaps Atlus is arguing the latter point. That because the makers of RPCS3 have publicly stated that you can play Persona 5 on it, that's advertising the circumvention capabilities (still feels like a big stretch).
Either way, that would also explain why Patreon settled things by having RPCS3 simply remove all references to Persona 5.
In discussion with the very helpful people over at Patreon we have decided to proceed with caution. Per the request of Patreon, we removed every single reference to Persona 5 on the Patreon page itself and rpcs3.net. This seems to have resolved the situation.
Of course, the RPCS3 Team also points out that Atlus could have just reached out to them directly, rather then sending the takedown to Patreon, and also pointing out that this whole effort seems pretty pointless by Atlus:
RPCS3 as a project and the Patreon itself are safe. And whatever people may wish, there's no way to stop any playable game from being executed on the emulator. Blacklisting the game? RPCS3 is open-source, any attempt would easily be reversed. Attempting to take down the project? At the time of this post, this and many other games were already playable to their full extent, and again, RPCS3 is and will always be an open-source project.
But, once again, we're seeing just how weird and messed up the DMCA's anti-circumvention provisions are -- and how people are now using them similar to the DMCA 512 notice and takedown provisions. I assume this will not be the last time we see these kinds of questionable takedowns being sent.
15 Comments | Leave a Comment..
Posted on Techdirt - 29 September 2017 @ 12:00pm
Earlier this week, the company Factba.se posted an archive with audio and transcripts of every interview that Donald Trump did on Howard Stern's show. As they noted, some of those interviews had turned into news stories with a fair bit of public interest. Factba.se pointed out that while those news stories quoted from the interviews, there was no publicly available archive of all those interviews for others to listen through.
We’ve found snippets and pieces before. But, per our mission, we want to ensure that anything in our database is the full transcript, versus an excerpt. As such, we were interested in the full record of conversations between Donald Trump and Howard Stern from the 1990s forward. To make sure we had it all, we wanted the whole show to check.
Our research indicated he was on the show dozens of times, but not the details, exact dates, etc. We reached out to people who operate fan sites, particularly marksfriggin.com, and on the Internet, particularly via Reddit. Stern fans are known for collecting recordings of old shows, so we were hoping to find the full recordings...
After being "insulted in ways both creative and thorough," the company thought it wasn't going to get access to the files, until someone leaked the whole batch to them:
Out of the blue, early in the morning September 5th, about 3 1/2 months after we had moved on, we received an email with a Dropbox link from an anonymous Yahoo account. We looked and to our surprise, it was several dozen MP3s with the entire show, end-to-end, which allowed us to verify we were capturing the entire interview. We copied the MP3s and quickly emailed back to ask a couple of clarifying questions. We were not-so-politely told to leave them alone.
In the end they realized they had 35 different interviews from May of 1993 through August of 2015. They transcribed everything and then posted the transcripts to their own site, and the audio to both YouTube and Soundcloud.
However, as first reported by Cyrus Farivar at Ars Technica, Sirius XM apparently was not happy and sent a DMCA notice to YouTube, to Soundcloud and to Factba.se.
It has recently come to our attention that you operate a website accessible at
www.factba.se (the “Site”), on which there is posted over fifteen hours of recordings of Howard
Stern Materials, as well as corresponding transcripts of such recordings. Many of such
recordings are also accessible through CantyMedia’s YouTube page and Factbase’s SoundCloud
page. As a legal matter, your unauthorized distribution of the Howard Stern Materials (including
the corresponding transcripts) through these platforms violates the copyrights therein, and
constitutes copyright infringement. Publication and distribution of infringing materials via
YouTube and SoundCloud also violates those sites’ policies.
In light of the above, we must insist that you: (a) immediately remove or disable
access to all Howard Stern recordings and transcripts, and any other SiriusXM programming, on
the Site, YouTube, SoundCloud, or any other websites, databases, or computer/mobile
applications through which you are providing unauthorized access to the Howard Stern Materials
or SiriusXM programming; (b) refrain from uploading, broadcasting and/or distributing any
Sirius XM programming (including the Howard Stern Materials) in the future; and (c) provide us
with written insurances confirming that you have done as requested.
In view of the importance of this matter, we have contacted YouTube and
SoundCloud contemporaneous with the sending of this letter, to request that they remove the
unauthorized recordings uploaded to your accounts pursuant to their obligations under the Digital
Millennium Copyright Act (“DMCA”). Please be aware that these platforms may take adverse
actions, such as terminating a user’s accounts, in response to a DMCA notice identifying
multiple infringements. It is our understanding that such actions may be avoided by an account
holder’s direct and expeditious removal of all such unauthorized recordings.
The Ars piece quotes a bunch of lawyers discussing whether it is fair use -- with many leaning towards it being fair use, but some arguing it's not that clear cut. I would argue that the newsworthy nature of it and the purpose of the archive push it pretty strongly towards being transformative (the use is quite different than the initial use). And, similarly, the fact that this clearly wouldn't "harm" the market for the Howard Stern show, would weight heavily towards fair use -- though, with so many fair use cases, you never know how a judge will see things (and you could make arguments against fair use if you tried hard enough).
Factba.se also says that it's trying to resolve this amicably with Sirius XM and to properly "preserve the record." And that raises some other questions. Copyright law has Section 108, for libraries and archives to preserve important works in a manner for research purposes that are open to the public. Among the rules under 108 is that the archive must determine "after reasonable investigation" that a copy of the work cannot be obtained at a fair price -- which appears to be the case here. However, there are also some other hoops to jump through, including posting a specific notice with the archive to qualify (which seems unlikely to have happened). Furthermore, it's unlikely that a for-profit entity can avail itself of Section 108's protections. There is one part of 108 -- put in place specifically for Vanderbilt's TV news archive, that make it easier to archive "audiovisual news programs" but again, is Howard Stern's show a "news program?" That would be a fun question to test in court.
There's a separate, lurking, question here about whether or not a radio interview is actually covered by copyright in the first place -- but that's a potentially muddy swamp that probably isn't worth diving into right now. I'll just say that while many people assume that audio interviews are covered by copyright, there's a compelling argument that the actual text of copyright law does not agree. I'm not convinced a court would actually buy that argument, but it's one argument that could be made. After all, Sirius XM isn't adding the "creativity" to any of Trump's comments or statements. He's making them up as he speaks.
The larger point, though, is that there's tremendous news value and public interest in these archives, and we're in yet another situation where copyright law is being used to censor information that is in the public interest. And that should concern everyone.
Read More | 26 Comments | Leave a Comment..
Posted on Techdirt - 29 September 2017 @ 10:47am
Earlier this year we wrote about a truly awful Supreme Court ruling concerning whether or not the design of cheerleader costumes could be covered by copyright. As we had explained earlier, this ruling could have a major impact on a variety of industries. The key issue is that "useful articles" are not supposed to be subject to copyright. Historically, that's always meant that the actual design of clothing or costumes is not protected by copyright law. And that's been a really good thing. It's inspired much more competition and innovation over the years in the clothing world.
As we noted when the ruling came out, allowing the copyright on cheerleader uniforms to stand, with a weird "new test" (basically whether you can "separate" the design from the useful article, and if the separated design is copyright-eligible), would lead to a lot of lawsuits pushing the boundaries of that test. And that's exactly what's happening. And it may ruin Halloween this year. Because suddenly, Halloween costume designers are starting to sue. Specifically, a costume maker named (no joke) "Rasta Imposta" is suing K-mart for having the audacity to sell someone else's banana costume. Really. This is straight out of the complaint:
Incredibly, Rasta Imposta argues that basic features of a banana are its "distinct visual elements."
The appearance and trade dress of Rasta Imposta’s distinctive Banana Design is
identified by a combination of arbitrary and distinct visual elements which make up its overall
appearance, design, and trade dress, including, but not limited to the Banana Design’s bright
yellow color with dark tips at the ends, the lines running down the sides, the Banana Design’s
placement of the banana ends, and the cutout holes in the Banana Design.
I don't see how Rasta Imposta can legitimately argue that its copyright covers the yellow color of a banana, the dark tips or lines running down the side. That's kinda common to all bananas. But, still, it insists another banana is infringing.
The Kmart Totally Ghoul Costume has the same shape as the Banana Design, the
ends of the banana are placed similarly, the vertical lines running down the middle of the banana
are placed similarly, the one-piece costume is worn on the body the same way as the Banana
Design, and the cut out holes are similar to the Banana Design.
And, no, I have no idea why Kmart has named its Banana costume "Totally Ghoul."
This whole thing seems particularly pointless. It's a freaking costume of a banana. But, alas, with the Supreme Court flinging open the door to pulling out elements of costumes and making them copyrightable, expect more of these lawsuits.
Read More | 102 Comments | Leave a Comment..
Posted on Techdirt - 26 September 2017 @ 3:35pm
Over the last few years, Larry Lessig has not shied away from trying to bring about change to the corruption he sees in our political system with "big" projects. Rather than chipping away at ideas, Lessig has been announcing huge, almost impossible plans, generating lots of attention and hoping that they either create real change, or at the very least, create discussion on the topics he's attacking. So far, even he admits that most of those projects have been less than successful in achieving their goals. Back in 2014, there was his attempt to build a crowdfunded SuperPAC with the goal of ending SuperPACs (supporting candidates who would change campaign finance). While they raised a lot of money, Lessig admitted that the organization failed to make a real difference in the elections it participated in. Then there was the plan to call a new Constitutional Convention (which continues to garner discussion to this day, but mainly from those ideologically opposed to Lessig). And, of course, the failed campaign to be the Democratic nominee for President, where his main goal was to get into the debates -- only to have the Democrats change the rules to keep him out.
Each of these can certainly have the appearance of a rather quixotic approach to taking on government corruption. And while there are many things I do agree with Lessig on, there's also a pretty long list where I disagree with him. But, what I respect is that even as outwardly "crazy" as many of these plans appear to be, there's always an astoundingly detailed, well-thought out and well-argued logic behind them, even if the likelihood of success is low. He's making big gestures that may have a low probability of success, but these aren't campaigns that have just been thrown together on a whim -- they have a clear purpose and fit in with a larger theme, often trying to game the system in some clever way. They're gimmicky, but in ways that at least make you think.
All of that is true with his latest project as well: an attempt to change the way we elect the president. Obviously, many people who were upset with the results of last year's election (and lingering anger about the 2000 election) have been arguing that it's time to get rid of the electoral college. And, frankly, it's kind of difficult to justify why we still have an electoral college when it's quite clear that it serves no really useful function. But, of course, because of the way things worked out in 2000 and 2016, even discussing the problems of the electoral college have become (stupidly) partisan. And, because it's part of the Constitution, getting rid of the electoral college is a near impossibility.
So, instead, Lessig is attacking things a step down the chain with his EqualVotes campaign. The argument, again, makes a lot of sense. Don't get rid of the electoral college -- but stop giving all electoral votes in a state to the winner of the popular vote in that state. This is the part that's really undemocratic. As Lessig explains:
A Republican from California is no less a United States citizen than a Democrat. Yet her vote for President counts for nothing. Likewise with a Democrat in Texas. There is no reason not to allocate electors in a way that gives equal weight to every citizen’s vote, at least within the constraints of the framers’ original compromise.
States initially adopted “winner take all” because it amplified the power of that state’s votes. This troubled even Jefferson, who recognized the incentive to try to expand a state’s influence. As he wrote, “[a]n election by districts would be best if it could be general, but while ten States choose either by legislatures or by [winner take all] it is folly and worse than folly for the other States not to do it.”
Yet once (practically) every other state had embraced winner take all, its important effect was not to amplify, but to shift the focus of the presidential campaigns. This is because under “winner take all,” the only states in which it makes any sense for a presidential candidate to campaign are “battleground states” — states in which the popular vote can be expected to be so close that one side has a real chance to beat the other.
Thus in 2016, two-thirds of campaign events happened in just 6 battleground states — Florida, North Carolina, Ohio, Pennsylvania, Virginia, and Michigan. Four battleground states — Florida, North Carolina, Ohio and Pennsylvania — saw 71% of campaign ad spending and 57% of candidate appearances. All together, the 14 battleground states saw 99% of ad spending and 95% of candidate visits for campaign purposes.
The argument, then, is to try to force states away from "winner-take-all." Right now, only Maine and Nebraska don't do winner take all with their electoral college votes, but they both don't have many votes anyway.
Lessig's plan to bring this about is to bring legal challenges and hopefully get them to the Supreme Court. As Lessig explains:
The Supreme Court has made it clear that the principle of “one person, one vote” applies in the “Presidential selection process”—first in a set of cases in the 1960s, and most recently, in 2000, in a case called Bush v. Gore. But the Court has not yet considered whether “winner take all” rules are themselves consistent with “one person, one vote.” Delaware asked the Supreme Court to consider the question 50 years ago. The Court declined the request for review.
It is long past time for the Court to address this inequality directly.
In a separate post, Lessig has laid out the reasoning more clearly and responded to some of the key questions. The sort of judo move here, is that Lessig is effectively trying to use the Supreme Court's reasoning in Bush v. Gore to make this work -- and he's argued that if you supported the Supreme Court in that ruling, you're being inconsistent if you argue against the case he's hoping to bring, as they're based on the same principles of one person, one vote.
The real question for the opponents here is Bush v. Gore (2000): If the application of “one person, one vote” to restrict winner-take-all is invalid because the Framers never intended the clause to be used in that way, was the application of “one person, one vote” to the Florida recount invalid, because of course, the Framers of the 14th Amendment had no intent whatsoever about the Supreme Court supervising the state’s rules for counting or recounting votes?
The point is just this: It’s perfectly respectable to say, Bush was wrong, and our claim is wrong as well. But it is selective to say, Bush was right, but our claim is wrong.
Of course, there are still others who argue that a proportional breakdown will create other problems as well, such as those who support an even more radical change: to a ranked choice voting system. And while I agree that a ranked choice setup would be much better, it has basically zero chance of happening any time soon. Lessig's chances with this lawsuit appear quite slim as well, but they're at least above zero. And, yes, I'm sure some people will point to the National Popular Vote Interstate Compact, as a sort of "competing" idea to Lessig's to force a move to make the popular vote actually matter -- and Lessig has said he's supportive of that effort too -- he just sees EqualVote as another way of forcing the issue.
Either way, this is a project worth paying attention to -- even if it may be a longshot. Lessig may take a lot of these longshots, but if he gets one right, it could have a pretty major impact.
121 Comments | Leave a Comment..
Posted on Techdirt - 26 September 2017 @ 12:01pm
We keep pointing to examples like this, but the examples are getting starker and more depressing. Lots of people keep arguing that internet platforms (mainly Facebook) need to be more aggressive in taking down "bad" speech -- often generalized under the term "hate speech." But, as we've pointed out, that puts tremendous power into the hands of those who determine what is "hate speech." And, while the calls for censorship often come from minority communities, it should be noted that those in power have a habit of claiming criticism of the powerful is "hate speech." Witness the news from Burma that Rohingya activists have been trying to document ethnic cleansing, only to find Facebook deleting all their posts. When questioned about this, Facebook (after a few days) claimed that the issue was that these posts were coming from a group it had designated a "dangerous organization."
So, is it a dangerous organization or a group of activists fighting against ethnic cleansing? Like many of these things, it depends on which side you stand on. As the saying goes, one person's terrorist is another's freedom fighter. And this just highlights the tricky position that Facebook has taken on -- often at the urging of people who demand that it block certain content. Facebook shouldn't be the ones determining who's a terrorist v. who's a freedom fighter and when we keep asking the site to be that final arbiter, we're only inviting trouble.
The real issue is how we've built up these silos of centralized repositories of information -- rather than actually taking advantage of the distributed web. In the early days of the web, everyone controlled their own web presence, for the most part. You created your own site and posted your own content. Yes, there were still middlemen and intermediaries, but there were lots of options. But centralizing all such content onto one giant platform and then demanding that platform regulate the content -- these kinds of problems are going to happen again and again and again.
24 Comments | Leave a Comment..
Posted on Techdirt - 25 September 2017 @ 3:30pm
So, you've probably heard stories in the past about the fear some trademark lawyers have about "genericide" -- where their product's name becomes so attached to the product that it's considered generic and the trademark no longer applies? Think kleenex and xerox for example. We've found, over the years, that people get a bit too worked up about this, leading trademark lawyers to make some really dumb demands along the way to try to "prevent" what is generally impossible to actually prevent. We also often see people claim (falsely) that this means companies are required to stop any and all uses of their mark, even when not infringing (or, even worse, seeing people falsely claiming that the same thing applies to copyright). Either way, the company Velcro has taken... well... quite a unique approach to the fact that everyone calls their most famous product "velcro" -- even when made by competitors. They made an absolutely hilarious "We are the World"-style video begging you not to call it Velcro and telling you, in no uncertain terms, that they it's "fucking hook & loop." Really.
When I first saw it, I thought it was a John Oliver or SNL-style parody video, but nope. It's real. It's on Velcro's official YouTube feed, and they even have a behind the scenes "making of" video to explain how the video was made and how it came about (including the fact that two actual Velcro lawyers are in the video).
Of course, they insist they're doing this to get people talking about the importance of calling it "hook and loop" though I think at best, it will just get people talking about how incredibly dumb trademark law has become, where this kind of thing is seen as necessary. The only people who will now start calling it "hook and loop" are likely to be people doing it ironically. In which case, they may go with the longer "this is fucking hook and loop," as the song suggests. But, as the song itself suggests, it's totally ridiculous that the company has to do this to try to get you to stop saying the brand name that the company spent "60 plus years" building. The song also jokingly references other genericized brands, such as Clorox, Band-Aid and Rollerblades.
Thankfully, they don't seem to get the finer points of the law really wrong in the song -- noting that the patent on velcro expired 40 years ago, and if everyone calls everything similar velcro, the company might "lose our circle R." Of course, they leave out the fact that if they lose the trademark... it's actually probably not that big a deal. People will still call all similar products velcro, but Velcro-brand velcro will almost certainly still be able to charge a premium, since people will recognize the brand name.
And that's really what highlights how dumb all of this is. Even if you lose the trademark to genericide, that doesn't mean the company packs up and moves on. It just shows how much the brand itself has resonated, and companies have lots of ways to continue to capitalize on that brand, even without the registered trademark. So, while I can always get behind hilarious videos concerning oddities in trademark, copyright or patent law, this video seems like a much better lesson in the stupidity of trademark law (and how much lawyers overreact to the fear of genericide) than any legitimate argument against calling someone else's velcro-like fastner "velcro."
48 Comments | Leave a Comment..
Posted on Techdirt - 25 September 2017 @ 1:31pm
A few weeks ago, we noted that Judge Rodney Gilstrap, a judge in East Texas who is infamous for handling approximately 25% of all patent cases in the entire country, appeared to be ignoring the Supreme Court in an effort to keep all those patent cases in his own docket. You see, earlier this year, in an important case, the Supreme Court said that the proper venue for a patent lawsuit to be brought should be where the defendant "resides" rather than just wherever they "do business." Previously, patent trolls had said that the lawsuits could be brought wherever a company did business -- which, with internet firms, meant anywhere -- allowing them to file in their favorite court in East Texas. The Supreme Court said "that's not what the law says."
But Gilstrap tried, somewhat creatively, to twist himself around those rules, by arguing that all sorts of other factors could be used to determine "residence" -- basically including (again) if you had any connection to that jurisdiction at all -- and thus continue to allow East Texas to be an acceptable venue. We listed out those factors in the earlier post, but don't need to do so again, because the Court of Appeals for the Federal Circuit has already weighed in and said "nope, that's not how it works."
The ruling is pretty straightforward. Basically, it says "when we say a defendant has to reside in that venue, we mean it."
As discussed in greater detail below, our analysis of the case law and statute reveal three general requirements relevant to the inquiry: (1) there must be a physical place in the district; (2) it must be a regular and established place of business; and (3) it must be the place of the defendant. If any statutory requirement is not satisfied, venue is improper...
The court then points out that words have meaning, and making up a "test" that is untethered to the meaning of the words in the statute is simply not acceptable.
The statutory language we need to interpret is “where the defendant . . . has a regular and established place of business.” 28 U.S.C. § 1400(b). The noun in this phrase is “place,” and “regular” and “established” are adjectives modifying the noun “place.” The following words, “of business,” indicate the nature and purpose of the “place,” and the preceding words, “the defendant,” indicate that it must be that of the defendant. Thus, § 1400(b) requires that “a defendant has” a “place of business” that is “regular” and “established.” All of these requirements must be present. The district court’s four-factor test is not sufficiently tethered to this statutory language and thus it fails to inform each of the necessary requirements of the statute.
And thus, Gilstrap's argument that a "virtual" presence in the district is enough... is not, in fact, enough:
As noted above, when determining venue, the first requirement is that there “must be a physical place in the district.” The district court erred as a matter of law in holding that “a fixed physical location in the district is not a prerequisite to proper venue.” ... This interpretation impermissibly expands the statute. The statute requires a “place,” i.e., “[a] building or a part of a building set apart for any purpose” or “quarters of any kind” from which business is conducted. William Dwight Whitney, The Century Dictionary, 732 (Benjamin E. Smith, ed. 1911); see also Place, Black’s Law Dictionary (1st ed. 1891) (defining place as a “locality, limited by boundaries”). The statute thus cannot be read to refer merely to a virtual space or to electronic communications from one person to another. But such “places” would seemingly be authorized under the district court’s test.
The court dings the other prongs of Gilstrap's test as well, showing that each is insufficient and then sends it back to the lower court to determine which other court the case should be transferred to, but making it clear that "East Texas" is not one of the options.
Read More | 36 Comments | Leave a Comment..
Posted on Techdirt - 25 September 2017 @ 10:38am
This might seem like a harsh title, but let's go back a bit into history. In 2010, at the direct urging of the RIAA, the US government, in the form of ICE, suddenly decided that it could seize domains right out from under websites with zero due process. Specifically, the RIAA gave ICE a list of websites that it insisted were engaging in piracy. It later turned out that this list was completely bogus -- and the seized domains included some music blogs and a search engine -- and when ICE asked the RIAA to provide the evidence (incredibly, many months after seizing the domains...), it turns out that they had none. Even with all of this, ICE kept one blog's domain for over a year, while denying that site's lawyer even the chance to talk to the judge overseeing the case -- and (even more incredibly) kept two other sites for five whole years.
The RIAA, who was directly quoted in the affidavit used to seize these domains (including falsely claiming that a non-RIAA song, that was personally given to the site by the independent artist in question, was an RIAA song and infringing) later tried to downplay its role in all of this, while still insisting that seizing entire domains based on flimsy claims and zero evidence was a perfectly reasonable strategy.
Fast forward to the present. Over in Spain there's a big political fight over Catalonia independence, with an upcoming referendum that the Spanish government has declared illegal. Things got very messy with Spanish law enforcement raiding government buildings, offices and homes. There are all sorts of human rights issues being raised here, let alone questions of democracy. However, those aren't directly the kinds of things we cover here. What did catch our attention, however, is that one of the raids was on the operators of the .cat domain, puntCAT, in order to seize the websites promoting the upcoming referendum and to arrest the company's head of IT for sedition (yes, sedition).
As EFF's Jeremy Malcolm explains, this should raise all sorts of alarms and concerns:
We have deep concerns about the use of the domain name system to censor content in general, even when such seizures are authorized by a court, as happened here. And there are two particular factors that compound those concerns in this case. First, the content in question here is essentially political speech, which the European Court of Human Rights has ruled as deserving of a higher level of protection than some other forms of speech. Even though the speech concerns a referendum that has been ruled illegal, the speech does not in itself pose any imminent threat to life or limb.
The second factor that especially concerns us here is that the seizure took place with only 10 days remaining until the scheduled referendum, making it unlikely that the legality of the domains' seizures could be judicially reviewed before the referendum is scheduled to take place. The fact that such mechanisms of legal review would not be timely accessible to the Catalan independence movement, and that the censorship of speech would therefore be de facto unreviewable, should have been another reason for the Spanish authorities to exercise restraint in this case.
Whether it's allegations of sedition or any other form of unlawful or controversial speech, domain name intermediaries should not be held responsible for the content of websites that utilize their domains. If such content is unlawful, a court order directed to the publisher or host of that content is the appropriate way for authorities to deal with that illegality, rather than the blanket removal of entire domains from the Internet. The seizure of .cat domains is a worrying signal that the Spanish government places its own interests in quelling the Catalonian independence movement above the human rights of its citizens to access a free and open Internet, and we join ordinary Catalonians in condemning it.
I agree entirely with Malcolm's assessment, but should note that the US government (even if it wanted to, which it probably does not...) has no moral high ground here, seeing as it's been seizing domains for the better part of a decade, with some of those earliest seizures coming on behalf of the RIAA (over trumped up charges). As Malcolm says, this doesn't mean that all illegal content must remain online, but seizing domains is a brute force intimidation and censorship tool for governments. The RIAA should be ashamed that it helped "pioneer" this sort of government censorship.
42 Comments | Leave a Comment..
Posted on Techdirt - 22 September 2017 @ 9:33am
One of Backpage's most vocal critics in law enforcement has been Cook County Sheriff, Thomas Dart. As you may recall, this has been a nearly decade-long obsession with Sheriff Dart, in which he has been slapped down many, many times by courts. In 2009 he sued Craigslist for hosting adult ads, only to get slapped down pretty hard by a court explaining to him that you can't blame an online service for how its users use it. Once the ads on Craigslist moved to Backpage, Dart had a new target, which he regularly complained about in the press. In 2015, knowing he couldn't sue Backpage directly, he instead (successfully) strongarmed all the payment companies that worked with Backpage into cutting off service.
In response, Backpage sued Dart and very quickly won. The district court quickly pointed out that this seemed like a pretty clear First Amendment violation, with a government official using the law to attack non-criminal actions, creating classic prior restraint. The appeals court agreed with a masterful ruling by Judge Posner, about how this appeared to be a clear abuse of power by Sheriff Dart to bankrupt a company he disliked, but over whom he held no jurisdiction.
The case was then sent back to the lower court on a few points, and the two sides have been flinging paper back and forth for a while -- mostly to no avail. There had been little to no action in the case for many months... until last week Sheriff Dart suddenly sprung up to ask the court to reopen the process so he can issue subpoenas to Backpage, to dig more into what he insists must be criminal activity.
He's basing this on media reports related to a separate investigation into Backpage, which at the very least do raise some questions about whether Backpage is truly involved in the creation of its ads (which would take away its CDA 230 protections). Dart claims this proves that Backpage was lying to the court about how much of a hand it had in crafting ads on its site.
This July, THE WASHINGTON POST and NBC NEWS each published explosive articles reporting that Backpage is actively recruiting prostitutes and even creating ads for them to post on its website. Copies of these articles are attached as Exhibits A and B, respectively. While “Backpage has always claimed it doesn’t control sex-related ads, [n]ew documents show otherwise.” Exhibit A. Backpage has been “aggressively soliciting and creating sex-related ads.”...
The articles explain that the discovery of incriminating documents showing Backpage’ s solicitation and ad creation came about accidentally following the seizure of computers from one of Backpage’s Philippine agents in an unrelated civil lawsuit, but the fact that the revelations were accidental does not take away from their explosive character. The seized documents, if authentic and the reporting about them correct, prove that the essential premise of the original and amended complaints—that Backpage does not provide any of the content of the ads soliciting prostitution—is not well grounded in fact. Backpage has been lying to this Court...
[....]
Defendant now seeks leave to obtain through subpoena the very documents discussed in the two news articles—documents which, if authentic, corroborate the Red Beauty Sting and prove that Backpage has encouraged and participated in illegal activities, including the creation of advertisements that would destroy its Communications Decency Act defense that it is merely a web platform posting the advertisements of others.
Indeed, if it comes out that Backpage was actively involved in the creation of the content, it does not get CDA 230 protections. Under the Roommates.com standard, you can lose 230 protections if you "develop" the comment -- which means "materially contributing to its alleged unlawfulness." I have no idea if Backpage actually goes that far, but if it does, then its 230 protections go out the window and it's in a lot of trouble.
But here's the important point: for all the hubbub over the supposed "need" to break CDA 230 with SESTA in order to go after Backpage for this activity, Sheriff Dart's motion shows that there's no reason for SESTA. If Backpage truly did what those media reports are claiming, then CDA 230 won't apply and Backpage is hosed.
This is something that gets completely lost in all of the talk about CDA 230, where people (falsely) think that it completely takes away any liability for criminal activity. It does not. It just makes sure that the liability is actually on the parties engaged in the criminal activity. If it's the end users, CDA 230 does nothing for them. And if it's the platforms themselves, then CDA 230 also doesn't protect them from their own activities. The fact that Sheriff Dart is arguing that he can now go after Backpage again, and that the CDA 230 protections are gone, is a good reminder that we don't need SESTA to go after Backpage if it really violated the law.
Read More | 44 Comments | Leave a Comment..
Posted on Techdirt - 22 September 2017 @ 6:24am
So far this week, we've explained why SESTA is such a bad bill and how it will create a massive chilling effect that could impact nearly every online service. And while the Senate hearing on the bill wasn't as bad as we feared it would be, it certainly had its problematic moments -- such as when the bill's co-author, Senator Richard Blumenthal, argued that companies that couldn't afford to moderate/filter everything should be prosecuted. However, in the days since the hearing, I've had a few thoughts about aspects of the debate that are, to say the very least, troubling.
"Do Something Now!": While it was good to see many Senators at least pay lip service to the idea that the bill needed changes to not have massive unintended consequences for the entire internet, it was troubling the way they approached this process. Prior to the hearing, Emma Llanso wrote up a list of four important questions Senators should ask during the hearing -- and none of them were asked. The key questions were fairly fundamental ones: what actual gap is there in the law and will this fix it? It was disturbing that no one seemed to discuss that at all.
After all, under CDA 230 today, nothing stops federal law enforcement from going after Backpage (other than if the DOJ doesn't think Backpage broke the law). CDA 230 does not cover federal government law enforcement. Similarly, CDA 230 does not cover content "developed" by a company itself. So, if as many people claim, Backpage develops illegal content itself, it's still liable. Finally, just a few years ago, Congress passed the SAVE Act, with the exact same stated intent: to carve a hole in CDA 230 to go after Backpage by making it a federal crime to advertise sex trafficking. That law hasn't been used -- and none of the Senators seem to be asking why.
Instead, there's very much the traditional politician's syllogism of "we must do something, this is something, we will do it." A few times during the hearing, Senators demanded from the two opponents to SESTA that they provide better language if they're concerned about this language. Notice the problem here: they were admitting that this language is problematic, but seemed to have no interest in understanding why or how to fix it -- instead, demanding that others give them new language, with the implicit threat that if they don't, this language will stay because this is "something."
That may be all too common, but it seems like a dreadful way to make policy.
The knowledge standard is a mess: This is important, and got some discussion during the hearing, but not nearly enough. The "knowledge" standard in the bill is a complete and total mess. The supporters of the bill brushed it off as no big deal, often by misstating what the bill actually says. California Attorney General Xavier Becerra focused solely on the criminal standards for knowledge, saying he needed to prove "beyond a reasonable doubt" that there was intent, while NCMEC's Yiota Souras insisted the knowledge standard was very narrowly tailored.
Both of them are wrong -- in somewhat staggering and dangerous ways. Again, the actual text of the bill says the following:
The term ‘participation in a venture’ means knowing conduct by an individual or entity, by any means, that assists, supports, or facilitates a violation [of sex trafficking laws.]
This is problematic on multiple levels. First "knowing conduct" by itself is vague and not clearly defined. As Professor Eric Goldman suggested during the hearing, knowing conduct could just mean that a platform knows it's doing something, but has no idea of the outcome. For example, if we knowingly allow users to post comments on our site -- and someone uses that to post sex trafficking ads -- even though we didn't know they were posting sex trafficking ads, our conduct in enabling comments was "knowing." If that sounds like a crazy scenario to you, fair enough -- but shouldn't the law state that much more clearly? Make it clear that the knowledge is not just of its own conduct, but that the conduct is specifically targeted at breaking the law.
The second problem with the knowledge standard is the claim that you can violate the law if your "knowing conduct" "by any means"... "assists, supports or facilitates a violation" of sex trafficking laws. As we explained earlier, assists, supports or facilitates is super broad. It's possible to read this to mean that hosting a website where someone sets up a blog to advertise sex trafficking makes you automatically liable -- even if you knew nothing of the actual content. After all, you did "knowing conduct" (hosting a website) and that website was used to "assist, support or facilitate" a violation of sex trafficking laws. We would not read the law this way, but as the language is currently written, it could very well be read that way.
And that means it will be read that way by someone. We've seen tons of civil lawsuits filed against deep-pocketed companies (and not so deep-pocketed companies) on a much more flimsy basis. If you don't think a bunch of lawyers won't be searching for such cases to bring, you haven't paid much attention.
And these lawsuits can be very costly and time-consuming. Remember the Viacom v. YouTube case? That was an intermediary liability case that was almost entirely focused on the question of whether YouTube had the requisite knowledge to be liable (sound familiar?). And it went on for more than seven years before it was finally settled, rather than having a court issue a final ruling. With such a weak knowledge standard (even weaker than the DMCA's that was fought over in the Viacom case), you can bet there will be long and costly lawsuits over just what the hell Congress meant by "knowledge."
It's fairly stunning and concerning that those pushing for the bill insist there's no problem with the knowledge language. It's as if they have no idea of the fairly recent litigation history over this very issue.
A lack of enforcement isn't fixed by blaming intermediaries: As mentioned, nothing in CDA 230 stops the Justice Department from going after intermediaries if they break the law. When this was (barely) brought up during the hearing, one response was that the DOJ is either overwhelmed or isn't doing its job -- and by opening up prosecutions to state law enforcement, it would allow more of these kinds of cases to be brought. And while that may be true, that seems like a really weird way to solve the problem. If the true problem is a lack of willingness or resources by the DOJ to take on these cases, then why isn't the discussion and legislation directly targeting that problem? Why isn't there a discussion of allocating more resources, or finding out why the DOJ isn't bringing these cases, and offering legislation or resources to solve whatever may be blocking action.
Instead, it seems like a very strange approach to say the answer to a lack of will or resource is... to make more companies liable.
A profound misunderstanding of CDA 230. This one bothers me quite a bit. If we're talking about amending CDA 230, at least get the facts on CDA 230 right. Unfortunately, many Senators and some of the witnesses did not. There's this incorrect belief that CDA 230 leaves no recourse for victims of sex trafficking. That is not even remotely true. The actual perpetrators of sex trafficking are still very much in violation of the law. And, again, if platforms actually develop illegal content themselves, then CDA 230 protections don't apply.
Finally, so many of the Senators and commentators act as though because of CDA 230, no company does anything to moderate their platforms. This is laughable. Basic public pressure has lead most platforms to moderate their platforms thoroughly -- and that's one of the features of CDA 230, in that it says that any effort to moderate/filter your platform to remove content you don't want to see (even if legal) does not attach any liability. SESTA changes that standard (even as its authors claim it doesn't). Because of the "knowledge" standard, moderating content may now be seen as evidence of "knowing conduct." So this effectively wipes out one of the most important tools that platforms have used to stop their platforms from being used for sex trafficking -- and no one seems to want to acknowledge that.
Unless the supporters of this bill are willing to face up to these basic facts and problems with the bill, their headlong rush into "doing something" seems likely to cause a lot more harm than good.
71 Comments | Leave a Comment..
Posted on Techdirt - 21 September 2017 @ 9:33am
It's fairly stunning just how much people believe that it's easy for companies to moderate content online. Take, for example, this random dude who assumes its perfectly reasonable for Facebook, Google and Twitter to "manually review all content" on their platforms (and since Google is a search engine, I imagine this means basically all public web content that can be found via its search engine). This is, unfortunately, a complete failure of basic comprehension about the scale of these platforms and how much content flows through them.
Tragically, it's not just random Rons on Twitter with this idea. Ron's tweet was in response to UK Prime Minister Theresa May saying that internet platforms must remove "extremist" content within two hours. This is after the UK's Home Office noted that they see links to "extremist content" remaining online for an average of 36 hours. Frankly, 36 hours seems incredibly low. That's pretty fast for platforms to be able to discover such content, make a thorough analysis of whether or not it truly is "extremist content" and figure out what to do about it. Various laws on takedowns usually have statements about a "reasonable" amount of time to respond -- and while there are rarely set numbers, the general rule of thumb seems to be approximately 24 hours after notice (which is pretty aggressive).
But for May to now be demanding two hours is crazy. It's a recipe for widespread censorship. Already we see lots of false takedowns from these platforms as they try to take down bad content -- we write about them all the time. And when it comes to "extremist" content, things can get particularly ridiculous. A few years back, we wrote about how YouTube took down an account that was documenting atrocities in Syria. And the same thing happened just a month ago, with YouTube deleting evidence of war crimes.
So, May calling for these platforms to take down extremist content in two hours confuses two important things. First, it shows a near total ignorance of the scale of content on these platforms. There is no way possible to actually monitor this stuff. Second, it shows a real ignorance about the whole concept of "extremist" content. There is no clear definition of it, and without a clear definitions wrong decisions will be made. Frequently. Especially if you're not giving the platforms any time to actually investigate. At best, you're going to end up with a system with weak AI flagging certain things, and then low-paid, poorly trained individuals in far off countries making quick decisions.
And since the "penalty" for leaving content up will be severe, the incentives will all push towards taking down the content and censorship. The only pushback against this is the slight embarrassment if someone makes a stink about mistargeted takedowns.
Of course, Theresa May doesn't care about that at all. She's been bleating on censoring the internet to stop terrorists for quite some time now -- and appears willing to use any excuse and make ridiculous demands along the way. It doesn't appear she has any interest in understanding the nature of the problem, as it's much more useful to her to be blaming others for terrorist attacks on her watch, than actually doing anything legitimate to stop them. Censoring the internet isn't a solution, but it allows her to cast blame on foreign companies.
77 Comments | Leave a Comment..
Posted on Techdirt - 19 September 2017 @ 11:53am
So, earlier today the Senate Commerce Committee held a two and a half hour hearing about SESTA -- the Stop Enabling Sex Traffickers Act of 2017. The panelists were evenly split, with California Attorney General Xavier Becerra and Yiota Souras from the National Center for Missing and Exploited Children being in support of the bill, and Professor Eric Goldman and Abigail Slater from the Internet Association worrying about the impacts of SESTA (notably, both highlighted that they're not against all changes to CDA 230, they just want to be quite careful and are worried about the language in this bill). I was actually somewhat surprised that the hearing wasn't as bad as it could have been. There certainly was some grandstanding, and some insistence that because SESTA says it will go after sex trafficking, it obviously will -- but many Senators did seem willing to listen to concerns about the bill and how it's written. Much attention was paid to the sketchy "knowledge" standard in the bill, which we wrote about this morning. And that's good -- but there was a fair bit of nonsense spewed as well.
Perhaps the most problematic comments were from the bill's co-author, Senator Richard Blumenthal, who has been attacking CDA 230 since his time as Connecticut's Attorney General. While you can watch the entire hearing, I created a short clip of Blumenthal's questions (which, oddly, C-SPAN won't let me embed here) so I'll transcribe it:
Blumenthal: I think I've said why I support this legislation, which I helped craft, and we've tried to do it carefully. And we tried to listen to the industry. We've tried to listen really closely to some of the concerns that have been raised this morning by Mr. Goldman. For example, the idea that this legislation will cause sex trafficking to -- I'm using your word -- proliferate. Hard to believe. Mr. Becerra, what do you think and will this measure cause sex trafficking to proliferate?
So... the idea that Blumenthal listened carefully is laughable on its face. He's been fighting this issue since at least 2010 when he went after Craigslist for ads he didn't think they should have on the site. And in Blumenthal's own testimony he admitted that forcing Craigslist to change how it worked only led to sex trafficking ads moving from Craigslist -- which cooperated very closely with law enforcement -- to Backpage and expanded their reach. I'm at a loss as to why we should take Blumenthal's word on what will happen when he admits his own actions targeted at sex trafficking in the past made the problem worse. To then mock Prof. Goldman for suggesting the same might happen here is... quite incredible.
Also, interesting that rather than asking Goldman to clarify his position first (he does later), Blumenthal starts by asking Becerra to back him up.
Becerra: I can't agree with what Professor Goldman has said. I think it's just the opposite. If we have a standard in place, then I believe the stakeholders within the internet community will come forward in ways we've seen before, but even more vigoroulsy, because they'll understand what the standard is, and I think that's so very important to make it clear for folks. The most important thing, Senator Booker sorta pointed this out, is we need to get the opponents of this measure to explain, in detail, what they would propose in place. Otherwise, it's always a moving target. It's Whac-a-mole. Someone needs to give us what a better bill looks like.
So, this is also bizarre and wrong. First, much of the discussion from Goldman and Slater (and us) was about the lack of any clarity around the "standard." The bill says that "knowing conduct" that "assists, supports or facilitates" sex trafficking can make a platform guilty of civil and criminal violations of the law. But "knowing conduct" is not clarified. And as we've seen in other contexts, including in the copyright realm, years-long fights can happen in court over what "knowledge" might mean. The famous YouTube/Viacom fight, that went on for nearly a decade, was almost entirely focused on whether or not YouTube had knowledge of infringement, and whether the law required "specific" knowledge or "general" knowledge. Nothing in this bill clarifies that.
Even worse, the term "knowing conduct" is dangerously vague. It could be read to mean that if the site does something that it knows that it is doing, and it leads to facilitating sex trafficking -- even if the site doesn't know about that outcome -- it would constitute "knowing conduct." Goldman had pointed this exact problem out earlier in the hearing, so for Becerra to insist that this is a clear standard is ludicrous.
Becerra is also confused if he thinks this will lead internet companies to "more vigorously" come forward. Coming forward with evidence of sex trafficking will then be turned around on them as proof of "knowledge." With this law in place, why would any internet company be more willing to come forward when that only increases liability?
Finally, the idea that opponents need to come forward with other language is similarly weird. SESTA's supporters are the ones demanding a massive change in the underpinning of the internet. Shouldn't the burden be on them to prove that this will help and not hurt? And, on top of that, it also ignores the fact that many opponents have come forward with different language (which I know as a fact because someone ran some alternative language by me a few weeks ago, and again earlier this week). So either Becerra doesn't know that or he's being disingenuous.
I'll cut the next section where Blumenthal says (misleadingly) that a proposal put forth from tech companies was to curtail or "eliminate" the ability of State AGs to pursue violations of the law (the proposal I saw simply clarified when and how they could go after sites) and Becerra eagerly says that would be terrible, as you'd expect.
Blumenthal: Let me ask, Mr. Goldman, do you really believe that this law would cause sex trafficking to proliferate?
Goldman: Thank you, Senator, for the opportunity to clarify that. Indeed, my concern is that we already see a number of efforts on the part of legitimate players to reduce sex trafficking promotion. To the extent that any of those companies decide 'I am better off turning off my efforts across the board, to try to reduce the knowledge that I have,' then that creates a larger number of zones that the sites will not be taking the legitimate effort that we want them to take. It creates an environment where there's more places for that to occur.
This is an excellent and succinct explanation of the problem. Under SESTA, the "knowledge" standard is so vague and unclear, that actually doing what Congress wants -- policing sex trafficking -- creates "knowledge" and makes these companies liable under the law. Blumenthal, of course, doesn't seem to get it -- or doesn't care.
Blumenthal: You know, I have a higher opinion of the industry than you do. I really believe that this law will raise the bar, will increase consciousness, and that far from trying to evade, or, in fact, deny themselves knowledge, so as to avoid any accountability, they will be more energetic. I absolutely really believe that most of these companies want to do the right thing and that this law will give them an increased impetus and incentive to do so.
WHAT?!? First off, if the idea is to give companies a greater impetus and incentive to do what they already want to do (as Blumenthal claims...) then threatening them with criminal and civil penalties for simply "knowing" that their platforms are used for illegal activity seems like a totally fucked up way of doing so. If you want to encourage platforms to do the right thing, then why is the entire bill focused on punishing platforms for merely knowing that their platform was illegally used? Second, if Blumenthal truly had a higher opinion of tech companies, why is he misrepresenting what Goldman said, and saying that companies would choose to avoid knowledge to "avoid accountability"? That's not the issue at all -- and is, indeed, self-contradictory with Blumenthal's own statements. Companies want to do the right thing to reduce sex trafficking, but this bill puts them in legal jeopardy for even researching if their platforms are used that way. That's the point that Goldman was trying to make and Blumenthal totally misrepresents.
And then it gets worse. Goldman points out a separate issue, noting that big companies like Google and Facebook may have the resources to "do more" but startups without those resources won't be able to take the steps necessary to avoid liability under the law:
Goldman: There's no doubt that the legitimate players will do everything they can to not only work with the law enforcement and other advocates to address sex trafficking and will do more than they even do today. At the same time, the industry is not just the big players. There is a large number of smaller players who don't have the same kind of infrastructure. And for them they have to make the choice: can I afford to do the work that you're hoping they will do.
Okay, and here's where things get absolutely fucked up. Note what Goldman is clearly saying here: this bill will wreak havoc on startups who simply can't afford to monitor everything that people do on their platforms. And then, Blumenthal's response is to say that those startups are criminals who should be prosecuted:
Blumenthal: And I believe that those outliers -- and they are outliers -- will be successfully prosecuted, civilly and criminally under this law.
WHAT THE FUCK?!? Goldman was talking about tons and tons of smaller companies -- or anyone who operates any online service that enables user comments, where they can't monitor everything -- and under this law will have to make the choice of whether they do any monitoring at all or face the risk of that being used against them, and Blumenthal's response is that they should be prosecuted.
Senator Blumenthal: those companies are not outliers and they're not criminals. They're thousands upon thousands of smaller internet companies, many based in your home state of Connecticut, that you apparently want to see shut down.
That's messed up.
65 Comments | Leave a Comment..
Posted on Techdirt - 19 September 2017 @ 10:43am
It's fairly stunning just how often the NY Times Opinion pages are just... wrong. Nick Kristof, one of the most well known of the NYT's columnists, has spent years, talking about stopping sex trafficking -- but with a history of being fast and loose with facts, and showing either little regard for verifying what he's saying, or a poor understanding of the consequences of what he says. I would hope that everyone reading this supports stopping illegal and coerced sex trafficking. But doing so shouldn't allow making up facts and ignoring how certain superficial actions might make the problems worse. Kristof, in particular, has been targeting Backpage.com for at least five years -- but has been caught vastly exaggerating claims about the site to the point of potentially misstating facts entirely (such as claiming Backpage existed before it actually did, and that it operated in cities where it did not). Kristof also has a history of being laughably credulous when someone comes along with a good story about sex trafficking, even when it's mostly made up. He's been accused of having a bit of a savior complex.
And that's on display with his recent, extraordinarily confused piece attacking Google for not supporting SESTA -- the "Stop Enabling Sex Traffickers Act." As we've explained in great detail, SESTA (despite its name) is unlikely to stop any sex trafficking and likely would make the problem worse. That's because the whole point of SESTA is to undermine CDA 230, the part of the law that creates incentives for tech companies to work with authorities and to help them track down sex trafficking on their sites. What the bill would do is make websites owners now both civilly and criminally liable for knowledge of any sex trafficking activity on their sites -- meaning that any proactive efforts by them to monitor their websites may be seen as "knowledge," thus making them liable. The new incentives will be not to help out at all -- not to monitor and not to search.
Meanwhile, by putting such a massive target on websites, it will inevitably be abused. We see how people abuse the DMCA to take down content all the time -- now add in the possibility of sites getting hit with criminal penalties, and you can see how quickly this "tool" will be abused to silence content online.
But, never mind all of that. To Kristof, because the bill says it's against sex trafficking, and he's against sex trafficking, it must be good. And, he's quite sure that the only people against the bill are Google, and that there's ill-intent there.
Why? Why would Google ally itself with Backpage, which is involved in 73 percent of cases of suspected child sex trafficking in the U.S., which advertised a 13-year-old whose pimp had tattooed his name on her eyelids?
First of all, Kristof is, again, playing fast and loose with the facts if he thinks Google is an "ally" of Backpage. Google has directly come out and said that it believes that Backpage should be criminally prosecuted by the DOJ (remember, CDA 230 does not apply to federal criminal charges).
I want to make our position on this clear. Google believes that Backpage.com can and should be held accountable for its crimes. We strongly applaud the work of the Senate Permanent Subcommittee on Investigations in exposing Backpage's intentional promotion of child sex trafficking through ads. Based on those findings, Google believes that Backpage.com should be criminally prosecuted by the US Department of Justice for facilitating child sex trafficking, something they can do today without need to amend any laws. And years before the Senate's investigation and report, we prohibited Backpage from advertising on Google, and we have criticized Backpage publicly.
So, no, Google is not protecting Backpage. Kristof, towards the end of his post, waves off Google's strong words about Backpage as proof that it has no reason not to support this legislation, without even once grappling with (a) what Google actually says or (b) why Google (and tons of others) would still oppose this legislation as being tremendously damaging. Even if you're not quite as convinced as Google that Backpage has broken the law (the Senate Report appeared to take a number of Backpage actions completely out of context), to argue that Google is supporting Backpage is clearly just wrong. But, Kristof, having set up his thesis, is going to go for it, no matter how wrong:
The answer has to do with Section 230 of the Communications Decency Act, which protects internet companies like Google (and The New York Times) from lawsuits — and also protects Backpage. Google seems to have a vague, poorly grounded fear that closing the loophole would open the way to frivolous lawsuits and investigations and lead to a slippery slope that will damage its interests and the freedom of the internet.
"Poorly grounded fear?" That's just wrong. Kristof seems totally ignorant of issues related to intermediary liability on the internet -- an issue that has been studied for quite some time. When you give people tools to put liability on online services for the actions of their users, the tools are abused. Every time. They get abused for censorship. We know this. You don't have to look any further than the intermediary liability setup we have in the copyright realm, where every year we see millions of false DMCA notices filed just to censor content, and not for any reason having to do with copyright.
How do you think things will turn out when you're able to not just threaten a website with civil copyright penalties with limited damages, but with potential criminal penalties, through a vaguely worded law where mere "knowledge" can get your entire site in trouble? But again, Kristof doesn't care.
That impresses few people outside the tech community, for the Stop Enabling Sex Traffickers Act was crafted exceedingly narrowly to target only those intentionally engaged in trafficking children. Some tech companies, including Oracle, have endorsed the bill.
First, this is wrong. Lots of people outside the tech industry have raised concerns -- including free speech groups like the ACLU. But, even if it were only the tech community, why wouldn't you listen to the industry that actually has the experience in understanding how these kinds of laws are regularly abused to silence perfectly legitimate speech and to quash perfectly legitimate services? Wouldn't their input be valuable? Why does Kristof brush them off? As for the Oracle line -- let's be clear: Oracle and HP are the only "tech" companies that have come out in support of the bill, and neither run online services impacted by CDA 230. It's completely disingenuous to argue that Oracle represents "tech" when it's not an internet services provider who would be impacted by changes in CDA 230. Why even listen to them, rather than those who have the actual experience?
And the idea that this was "crafted exceedingly narrowly to only target those intentionally engaged in trafficking children" is just on its face, wrong. First off, the bill doesn't specifically just target trafficking having to do with children, but I think we can all agree that any trafficking is problematic. The issue is that it doesn't just punish those "intentionally engaged in trafficking." It specifically targets any website that is used in a way that "assists, supports or facilitates" trafficking and has broadly defined "knowledge" that the site is used that way. That's... not intentionally engaging in trafficking. It's much, much, much broader. Let's say you're Airbnb. SESTA makes it much riskier to be in business. If Airbnb hears that someone used Airbnb to traffic someone (which, unfortunately, is impossible to detect), now it risks criminal and civil lawsuits, because it "knew" of conduct that "assisted, supported, or facilitated." This is even if Airbnb doesn't know which accounts were used for this.
“This bill only impacts bad-actor websites,” notes Yiota Souras, general counsel at the National Center for Missing & Exploited Children. “You don’t inadvertently traffic a child.”
This is... just so misguided and wrong it's almost laughable. No, of course, no one "inadvertently" traffics a child. But that's not what this law is about. The law is about blaming websites if one of its users does anything related to trafficking someone via its services. And, that creates massive potential liability. Say someone wants to get our little site in trouble? They could just go and post links in comments to sex trafficking ads, and suddenly we're facing potential criminal charges. We're not Google. We can't hire staff to read every possible comment and recognize whether or not they're linking to illegal activity. And despite what some will say, even Google can't possibly hire enough staff, or get its AI good enough, to parse everything it touches to see whether or not it's linked to illegal activity. But under the current setup of SESTA, this leads you to a risk of massive liability.
The concerns here are real -- and Kristof is either ignorant or being purposely blind to the arguments here.
Senator Rob Portman, an Ohio Republican and lead sponsor of the legislation, says that it would clearly never affect Google. “We’ve tried to work with them,” Portman told me
This is laughable. The bill would impact basically every site, including Google. After all, it was just a few years ago, that a Mississippi Attorney General went on an illegal fishing expedition against Google -- put together by the MPAA's lawyers -- demanding all sorts of information from Google. Based on what? Well, Jim Hood said that because he could use Google to find sex trafficking ads, Google was breaking the law. A court tossed this out, and the two sides eventually settled, but under SESTA, Hood would now be able to go after Google criminally if any search turned up trafficking. And how the hell is Google supposed to make sure that no one ever uses any of its properties for sex trafficking?
But, never mind the facts. Kristof insists there's no issue here because the bill's sponsor says there's no issue.
Senator Richard Blumenthal of Connecticut, the lead Democratic sponsor, adds that “it’s truly baffling and perplexing” that some in the tech world (Google above all) have dug in their heels. He says the sex trafficking bill gathered 28 co-sponsors within a week, making it a rare piece of bipartisan legislation that seems likely to become law.
It's truly baffling that those with actual experience and knowledge in how weakening intermediary liability laws creates all sorts of problems are now telling you there will be all sorts of problems? And, really, isn't this the same Senator Richard Blumenthal who, when he was Connecticut Attorney General, was famous for campaigning against CDA 230 and blaming tech for basically everything? He's not exactly a credible voice. But, Kristof has his story and he apparently seems willing to believe anyone who says anything, no matter how little is based on facts, if it supports his version of the story.
I write about this issue because I’m haunted by the kids I’ve met who were pretty much enslaved, right here in the U.S. in the 21st century. I’ve been writing about Backpage for more than five years, ever since I came across a terrified 13-year-old girl, Baby Face, who had been forced to work for a pimp in New York City.
And you've been repeatedly called out and corrected for factual errors in your writing on this issue. Because you're quick to believe things that later turn out to be wrong. And, yes, stories like ones you've come across are awful and we should be doing everything possible to stop such exploitation. But blaming internet companies doesn't help. You blame the actual criminals, the ones trafficking the children. But, Kristof is clear: he doesn't care about blaming those actually responsible. He wants to take down internet companies. Because reasons.
But it’s not enough to send a few pimps to prison; we should also go after online marketplaces like Backpage. That’s why Google’s myopia is so sad.
Why? Why should we blame internet companies because people use them for illegal activity? What's wrong with blaming the people who actually break the laws? CDA 230, as currently written, encourages platforms to cooperate with law enforcement and to take down content. SESTA would undermine that and stop companies from working with law enforcement, because any admission of "knowledge" can be used against them.
In response to my inquiries, Google issued a statement: “Backpage acted criminally to facilitate child sex trafficking, and we strongly urge the Department of Justice to prosecute them for their egregious crimes against children. … Google will continue to work alongside Congress, antitrafficking organizations and other technology companies to combat sex trafficking.”
Fine, but then why oppose legislation? Why use intermediaries to defend Backpage? To me, all this reflects the tech world’s moral blindness about what’s happening outside its bubble.
Why oppose it? Because the legislation is a nuclear bomb on how the internet works and a direct attack on free speech. It's not "moral blindness" at all. In fact, SESTA would be a moral disaster because it removes incentives for companies to help stop trafficking, out of fear of creating "knowledge" for which they'll face civil and criminal lawsuits. This has been explained to Kristof -- and, in fact, people told him this on Twitter after his article was published, and he insisted that no one other than Google seemed concerned with SESTA.
That's also not true. As we've seen with our own letter, dozens of tech companies are worried about it. And we've talked to many more who admitted to us that they, too, think this is an awful law, but they're afraid of grandstanding folks like Kristof publishing misleading screeds against them falsely saying that worrying about SESTA is the same as supporting sex trafficking.
Incredibly, when an actual human trafficking expert and researcher, Dr. Kim Mehlman-Orozco, decided to challenge Kristof and point out that his opinions aren't backed up by the actual research, Kristof dismissed her views and data as not being as valuable as the few anecdotes he has.
Even if Google were right that ending the immunity for Backpage might lead to an occasional frivolous lawsuit, life requires some balancing.
Uh, what? This is basically Kristof first admitting that he's wrong that it won't impact sites other than Backpage, and then saying "meh, no biggie." But that's... really fucked up. We're not talking about the "occasional frivolous lawsuit." From what we've seen with the DMCA, it seems likely that there would be a rash of dangerous lawsuits, and companies being forced out of business -- not to mention tons of frivolous threats that never get to the lawsuit stage, but lead to widespread censorship just out of the fear of possible liability. How can Kristof just shrug that off as "balance"?
For example, websites must try to remove copyrighted material if it’s posted on their sites. That’s a constraint on internet freedom that makes sense, and it hasn’t proved a slippery slope. If we’re willing to protect copyrights, shouldn’t we do as much to protect children sold for sex?
HOLY SHIT. And here we learn that Kristof is so completely out of his depth that it's not even funny. Seriously, someone educate Nick Kristof a little on how the DMCA has been abused to silence speech, to kill companies and to create huge problems for free speech online? And that's with much lower penalties than what we're talking about with SESTA.
I asked Nacole, a mom in Washington State whose daughter was trafficked on Backpage at the age of 15, what she would say to Google.
“Our children can’t be the cost of doing business,” she said. Google understands so much about business, but apparently not that.
Ah, always close with a "for the children!" argument after making a bunch of statements that are just devoid of facts. No one is fighting this for the support of "business." They're doing it because they understand how important intermediary liability protections are against undermining how the internet works and how free speech works online. Kristof has a long history of not caring about facts so long as he gets a good story about just how concerned he is about trafficking. We're all concerned about trafficking -- but passing a law that will make the problem worse just to appear like you're a hero is not the solution, Nick.
57 Comments | Leave a Comment..
More posts from Mike Masnick >>
Re: 18f
I did write about it and it is linked in the story above. In the third paragraph.
Re: Really?
A lot of people don't like to carry their phones when running or doing other workouts, where the bulkiness of the phone gets in the way. I believe that's the market being targeted here.
Re:
Fuck him, he isn't a citizen of the US. Don't do the crime if you can't do the time.
Can you point out which "crime" he's been convicted of?
I'll wait.
Re: Re: Re: Re: Re: Re: Re: Re: Bananas indeed
This is not true. Both "effort" and "creative expression" are required for copyright.
You can say this as many times as you want and it doesn't make it true. The effort is not required for copyright in the US (other countries are different). There is literally no effort required. Just creativity.
My position is that both are required.
Your position is not the law of the US. It is directly contradicted by the law of the US.
In fact, effort can be used as one "test" to check whether your activity is in dangerous area relative to copyright.
This is not one of the tests under US law. You are making this up.
I don't want to be mean, but you appear to have zero knowledge of actual copyright law and, instead, are making shit up about how you think the law should work, that are directly contradicted by the actual law. Please stop.
Re: Re: Re: Re: Re: Re: Bananas indeed
It has already been pointed out to you that the Supreme Court has explicitly rejected "sweat of the brow" arguments for copyright. Copyright is officially not about the effort to create. It is only for new creative expression. And it does not apply to "useful articles" such as costumes.
Re: Oh, no, not the "Totally Ghoul" costume!
First, what puzzles you: it's a pun on "totally cool", so feeble that takes a trained expert like me to spot it.
Um. I get that part. Everyone gets that part. What I don't get is why you'd call a banana costume that.
Re: missed the point
Who the hell is Mark?
Re:
So let me get this straight. Before Trump, everything was fine. After Trump, everything is bad. Gotta love democratilism.
If that's what you got from this, you either didn't read the post, don't understand basic English, or are (most likely) just being a jerk.
Re: Re: Re:
Tim is a die-hard liberal, and isn't able to be objective about anything to do with Trump.
This should win funniest comment. As someone who's known Tim for a long time now, I don't think anyone could legitimately describe him as "liberal" let-alone a "die-hard liberal." Have you read what he writes or are you just assuming because of this one article he must be a liberal?
Re: Re: Re:
Which is why you hate it, you want a democracy, you will help destroy the nation!
Your partisan talking points are fun, but totally unrelated to the issue actually raised in the article.
If you are against democracy, then as Lessig notes, you must agree that the Supreme Court decided Bush v. Gore incorrectly, no?
Re: Politicians for the Ethical Treatment of Americans
That assumes that there's a clear purpose behind PETA's actions and a deeper level of thought beyond "LOOK AT MEEEEEEEEEE!" which I'm not ready to concede.
Re:
So there is only anger at the presidents elected during 2000, and 2016?
No. There is anger at the fact that the electoral college and the popular vote differed in both years.
I thought that was clear from the context -- it's why I called the issue stupidly partisan. If we'd had two such elections where the results went to different parties, perhaps we could have a more honest discussion).
The issue is not who won, but the popular vote v. the electoral college.
Re: Re: Oh, there's LOTS on phrases to put a hook on. Let's look at "good faith":
Congrats. You've done something impressive: presented the most incredibly wrong legal analysis I've seen this year.
Good work. Nothing in what you state above matches what the actual law is, says, or means. You have done something truly special. Take a bow.
Re:
What that points to more is a failing of a business model, rather than any great advantage of piracy.
Um. Yes. This is the point we've been making for 2 decades, during most of which you've been commenting mocking us for saying such things.
So, I guess, apology accepted. Thanks.
Re:
It might behoove Mike to go over the history of section 230 protection erosion if the party seeking coverage is actively engaged in censorship. Do they loose 230 protection if they attempt to censor (unless it is for some illegal act).
No, CDA 230 literally says the exact opposite. The whole point of CDA 230 was to encourage sites to take down content they didn't like, and says that you get NO CIVIL LIABILITY (an absolute immunity) for the choices you make in moderating content on your platform.
So, the fact that the party is using it to take down legal content does not do away with 230 protections. It's the point of 230 protections.
Re: Re: Re: Re:
My guess: The argument hinges on how Twitter contains all kinds of “objectionable” material and remains on the App Store, while Gab contains similarly “objectionable” material but got the boot. The real argument, then, hinges on how Gab admins/mods/higher-ups moderated their service as opposed to how Twitter’s team moderates their service.
That's meaningless for a CDA 230 analysis, honestly. CDA 230 is clear that the platforms get to decide. It says nothing about treating different users differently.
Re: Med domstolsregleringen, Fläktens undertexter Officiellt upphovsrättsintrång i Sverige
I was wondering why when I opened the page Google popped up a box asking me if I wanted to translate this page. Now I know why.
Re: Re:
The problem is Google arbitrarily enforcing policy, which is illegal and can get them into legal hot water.
Pretty much all of the case law on CDA 230 says you're completely and totally wrong. CDA 230(c)(2) says that a company shall not be held liable for "any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected."
The only way around that is to climb the very, very, very difficult mountain of arguing that Google's actions here are not "taken in good faith." And I'm unaware of a single CDA 230 case that has successfully argued that such actions were not taken in good faith, and I see almost no path to argue here that the actions were not taken in good faith, despite what's claimed in the lawsuit.
Re: typo
Hmm. That typo was fixed about 8 hours before your comment... You sure it was still showing or were you looking at an old/cached copy?
Re: Re: Re: I think your wording can be wrongly interpeted
I wonder if the MAFIAA came in support of the law...
Of course they did...
http://variety.com/2017/politics/news/sex-trafficking-act-21st-century-fox-1202557318/